CYBERSECURITY BOOTCAMP
Intensive cybersecurity training that builds practical skills through hands-on labs and real-world scenarios.
What Does The Cybersecurity Bootcamp Cover?
Practitioner-led training built from real-world experience.
Threat Landscape Overview
Current attack vectors, threat actors, and the evolving cybersecurity environment.
Network Security Fundamentals
Firewalls, intrusion detection, network segmentation, and traffic analysis.
Endpoint Security
Workstation hardening, EDR solutions, and malware defense techniques.
Incident Response
Detection, containment, eradication, and recovery procedures for security incidents.
Security Operations
Log analysis, SIEM management, and 24/7 monitoring workflows.
Penetration Testing Basics
Ethical hacking fundamentals including reconnaissance, exploitation, and reporting.
How Does The Cybersecurity Bootcamp Work?
Assess current knowledge and training needs
Customize curriculum for your team and industry
Deliver hands-on training with real scenarios
Test comprehension and measure outcomes
Provide documentation for compliance evidence
Schedule ongoing refresher training
Cybersecurity Courses
Self-paced online courses from beginner to advanced. Built by practitioners, not academics.
The 39-Layer Cybersecurity Framework
Comprehensive 39-layer defense framework covering network security, endpoint protection, incident response, and security operations.
Cybercrime & Identity Theft Defense Mastery
Advanced defense techniques against cybercrime and identity theft. Covers threat detection, prevention strategies, and incident response procedures.
How Hackers Can Crush You
Eye-opening introduction to real-world hacking techniques and how to defend against them. Perfect first step into cybersecurity awareness.
Who Is This Cybersecurity Bootcamp Built For?
Petronella Technology Group designed this cybersecurity bootcamp for the IT administrator who has been drafted into security, the helpdesk lead who just inherited the firewall, the generalist moving toward a security specialty, and the MSP technician whose clients now expect CMMC-ready posture. It is deliberately not an introductory survey for executives, and it is not a preparatory course for a particular certification. It is a practical, lab-heavy program that makes participants competent on the tasks that show up on day one of a real security role.
The bootcamp runs five days in person or ten half-days remotely. Every morning covers concepts and threat-model framing. Every afternoon is hands-on lab work in an isolated range environment. Participants leave with a written playbook, a configured analyst workstation, and a portfolio of screenshots and reports from the exercises they completed.
What participants should already know
- Comfort working in a command line on Linux or Windows.
- Basic networking concepts including IP addressing, DNS, and TCP versus UDP.
- Experience administering at least one production system, even if informally.
- Willingness to read logs and packet captures for hours without panicking.
We vet all of this during intake. If a participant is a step below baseline, we recommend a pre-work set of short videos and readings so the first day is not lost to catch-up. If a participant is significantly above baseline, we offer the advanced track where the labs run deeper on incident forensics and threat hunting.
What Is The Five-Day Bootcamp Curriculum?
Day one: threat landscape and attacker mindset
We start with a tour of the attacker lifecycle: reconnaissance, initial access, execution, persistence, lateral movement, collection, command and control, exfiltration, and impact. Participants map real intrusions from public case studies onto each stage and then spend the afternoon running a safe reconnaissance exercise against a dummy target. The goal is not to teach participants to attack; it is to make defensive thinking concrete. You cannot block what you cannot picture.
Day two: network security in practice
Firewall rule engineering, network segmentation patterns, VLAN and VPN design, intrusion detection signatures, and packet capture analysis. Afternoon labs cover reading PCAPs with Wireshark, writing Suricata rules against a sample attack, and debugging a flat network that got popped because someone skipped segmentation. We also walk through how these concepts map into Petronella managed cybersecurity services for clients who later need implementation, not just training.
Day three: endpoint security and log analysis
Windows and Linux hardening baselines, EDR deployment, Sysmon and auditd configuration, and the log events that matter during an intrusion. Afternoon labs cover reading EDR alerts, pivoting through event logs to reconstruct an attack, and building a minimum-viable logging standard your organization can actually sustain. We also introduce Microsoft Defender for Endpoint, CrowdStrike Falcon, and SentinelOne at a conceptual level so participants can speak the language regardless of which tool their organization has licensed.
Day four: incident response and digital forensics fundamentals
The incident response lifecycle from preparation through lessons learned, including detection and analysis, containment, eradication, and recovery. Afternoon labs run a tabletop exercise followed by a hands-on triage of a compromised workstation image. Participants practice evidence preservation, chain of custody, timeline reconstruction, and drafting the incident report a regulator or insurer would expect. We also cover what happens when a forensic artifact actually matters in court.
Day five: security operations, vulnerability management, and the first hundred days
SIEM architecture, detection engineering, alert tuning, vulnerability scanning, patch prioritization, and building a security operations rhythm. The afternoon capstone gives each participant a simulated environment and one ninety-minute window to assess, remediate, and report. Successful completion requires a written executive summary, a prioritized remediation plan, and a dashboard mockup. We critique the capstone publicly but kindly, which is where most of the retention comes from.
What Does The Lab Environment Look Like?
Cybersecurity training without labs is theater. Petronella runs every bootcamp against an isolated cyber range we maintain for training. Participants get credentials to a dedicated tenant for the week and keep read-only access to their lab data for thirty days afterward so they can revisit the exercises while the material is fresh.
Lab exercises covered during the week
- Phishing analysis. Participants receive a batch of real-world phishing samples and must extract indicators, classify intent, and write a management-friendly summary.
- Malware triage. Static analysis of a sample binary using strings, PE headers, and behavioral sandbox output. No reverse engineering required, but enough depth to triage before escalation.
- Log analysis. A week of simulated endpoint and network logs containing one intrusion. Participants must detect it, scope it, and document the timeline.
- Firewall engineering. Given a set of business requirements, build a firewall policy that permits the required flows and blocks everything else, then validate against a provided traffic generator.
- Vulnerability assessment. Run a supervised scan against the lab environment using an open-source scanner, triage the results, and prioritize remediation using CVSS and exploit intelligence. This exercise translates directly into production through our vulnerability assessment services.
- Incident response tabletop. A ransomware scenario runs in real time with inject cards every fifteen minutes. Participants must coordinate detection, containment, communication, recovery, and post-incident reporting.
What Graduates Do Next
Completion is not the end of the engagement. Petronella wants graduates to stay competent, which is why every cohort gets structured follow-up for the first ninety days after the bootcamp ends.
- Weekly thirty-minute office hours where graduates bring real questions from their own environments and we walk through them with the class.
- Access to a private graduate channel where past and current cohorts share playbooks, rule sets, and lessons learned.
- Optional one-on-one review of a real project a graduate is delivering, from a firewall rewrite to a SIEM deployment to an incident response plan.
- Discounted enrollment in our Raleigh-area cybersecurity training and specialty workshops for ongoing development.
- Referral pipeline. Graduates who are exploring career moves get introductions into our network of clients hiring for security roles. We do not charge a placement fee.
Participants who want a certification pathway after the bootcamp can continue into Security+, Network+, or a specialty such as GIAC certifications. The bootcamp is deliberately vendor-neutral and is not a paid exam cram, but the coverage gives most participants a meaningful head start on the major foundational exams.
Bootcamp Questions
How is this different from a SANS or CompTIA course?
Do you run private cohorts for corporate teams?
What about advanced topics like offensive security or threat hunting?
How physical are the labs? Do we need lab hardware?
Can the bootcamp be tailored for CMMC readiness?
Who Teaches The Bootcamp And Why That Matters
Petronella Technology Group staffs the cybersecurity bootcamp with practitioners, not career trainers. Every instructor is either currently delivering client engagements in the subject matter they teach or has done so within the last twelve months. That constraint shapes the material. Content that no longer matches real incident and assessment work gets retired before it reaches the classroom, and new attacks, tools, and frameworks appear in the curriculum within the same quarter they appear in the field.
Credentials that back the content
- CMMC-AB Registered Provider Organization (RPO #1449), with CMMC Registered Practitioner credentials across the delivery team.
- CCNA and CWNE certifications on the networking instructors.
- Digital Forensic Examiner license (DFE #604180) for the incident response and forensics modules.
- Over two decades of continuous cybersecurity practice, with founder Craig Petronella leading client engagements since 2002.
- BBB A+ rating since 2003 and a PPSB accreditation that has been continuously maintained.
Why practitioner-led training outperforms theory-led training
A practitioner who is running real investigations knows which log sources are actually useful, which vendor claims collapse under load, and which detection patterns generate false positives in practice. That knowledge only comes from doing the work. Academic instructors teach what the textbook says, which is often fine for introductory material and often wrong for operational reality. Our content routinely includes sentences like "the vendor documentation says X but in our last three engagements it did Y, so here is what to do about it." Participants remember those stories years after the formal curriculum fades, and they use the judgments the next time they are under pressure.
Cohort size and instructor ratio
Cohorts run from four to twenty-four participants. Above sixteen we add a teaching assistant so every participant gets hands-on attention during labs. We do not scale beyond twenty-four in a single cohort because the intimacy of the capstone review starts to break, and the bootcamp's value comes precisely from that review intensity.
What Graduates Can Do On Day One Of The Next Week
The real test of the bootcamp is what participants can do the Monday after they graduate. The curriculum is deliberately built around specific operational capabilities, not abstract topics. A graduate who completes the program should be able to walk into a real environment and do the following without hand-holding.
- Read a Wireshark capture of a suspected intrusion and produce a written summary for leadership within ninety minutes.
- Configure a firewall rule set from a written business-requirement document and validate it against a traffic generator.
- Tune a noisy EDR alert pipeline to reduce false positives without breaking detection coverage, and document the tuning decisions for a future reviewer.
- Run through an incident response tabletop, facilitate the discussion, capture the decisions and action items, and produce a post-exercise report.
- Read a vulnerability scan output, prioritize the findings using CVSS plus exploitability and business context, and produce a remediation plan a leadership team can actually execute.
- Write a short incident report for a compromise scenario that satisfies the "reasonable detail" expectation most cyber-insurance carriers require.
- Interview a business owner about their regulatory obligations, translate the answers into a scoping memo, and identify the three or four highest-priority cybersecurity controls for that environment.
- Handle an executive conversation about risk without falling into jargon or vendor pitches. This is the capability clients value most and the one least served by certification-focused training.
The one-month check-in
Thirty days after the bootcamp ends, we schedule a ninety-minute group session where graduates share what they tried, what worked, and what broke. Most cohorts surface two or three valuable patterns during this call that nobody anticipated during the original curriculum, which then feed back into future iterations. The call is included in the base engagement. Participants who cannot attend get the recording plus a written recap.
For hiring managers and training budgets
Organizations often send two or three participants per cohort. The value of training multiple teammates together is substantial. Participants reinforce each other after the bootcamp, they produce shared artifacts their colleagues can reuse, and the habit of running tabletop exercises spreads faster when several people in the room already know the format. Hiring managers who sponsor the bootcamp usually see measurable improvement in incident response drills and security-review quality within the first quarter after graduation.
Alignment with the CMMC-AB RPO role
Because Petronella is a CMMC-AB Registered Provider Organization (RPO #1449), the bootcamp naturally aligns with the practices CMMC assessors care about. We do not pitch the bootcamp as a CMMC prep course, because that would be dishonest. It is a general cybersecurity practitioner bootcamp. But the curriculum map shares significant overlap with NIST 800-171 practice families around access control, audit and accountability, configuration management, incident response, and system and information integrity. Teams in defense-contractor environments find the overlap useful, and we explicitly call out the crosswalk during lab sessions so participants can see where their bootcamp skills apply directly to assessment-relevant controls.
Keeping the curriculum current
Cybersecurity curriculum that sits in a binder for three years becomes a liability. We refresh the bootcamp material quarterly using lessons from recent client engagements, published threat intelligence, and the specific techniques we are seeing adversaries adopt in the southeast. Participants who attended the bootcamp two years ago are welcome to audit a current session at a reduced rate if they want to top up on the material they missed. Several past graduates come back every other year for exactly this reason, and the conversations between past and current cohorts produce useful cross-pollination we could not engineer any other way.
Accessibility and accommodation
The bootcamp is designed to be accessible to participants with a range of accommodation needs. Lab exercises run in a browser-based environment that works with common screen readers. Captioning is standard for all remote sessions and can be arranged on request for in-person sessions. Participants who need paced sessions rather than the intensive five-day format can enroll in the ten half-day variant, which delivers the same material over a longer calendar window. We ask during intake about any accommodations that will help participants engage fully, and we design delivery around those answers rather than defaulting to a one-size-fits-all format.
Comparing the bootcamp to a typical certification course
Certification courses exist to pass an exam. Some of them do that very well. Our bootcamp exists to make a practitioner competent on the job. Some graduates use it as a stepping stone to a certification exam afterward. Others skip certifications entirely because their employer values demonstrated skill over paper. Both paths are valid. The important distinction is that a certification is an indicator of knowledge at a moment in time, while practitioner skill compounds over years. We build the bootcamp so it produces compounding skill even for participants who never take a certification exam.
The tools participants learn during the week
We deliberately cover a mix of open-source and commercial tools so participants are not locked into any single vendor. Wireshark, Zeek, Suricata, Sysmon, the ELK stack, Splunk concepts, Microsoft Defender terminology, CrowdStrike and SentinelOne orientation, Nmap, Nuclei, and Burp Suite all appear during labs. Nothing is memorized for certification purposes. Each tool is introduced through the real problem it solves, used during a lab, and left behind in favor of the next problem. Participants leave with a written tool-inventory note listing what they used, when to use it, and where to find training resources for deeper study.
What happens if a participant falls behind
The bootcamp is intensive. Occasionally a participant falls behind during a specific day because of a difficult concept, a technical issue with the lab environment, or a real-life emergency that pulls them out of the classroom. We keep the material available for thirty days after the bootcamp ends so participants can catch up asynchronously, and our instructors schedule individual office-hour slots for anyone who needs them during that window. We never shame anyone for falling behind, and we never charge extra for the catch-up sessions. The goal is competency for every graduate, not a completion rate that makes our marketing collateral look good.
Funding the bootcamp through workforce development dollars
Several participants over the past two years funded their enrollment through state workforce development grants, employer tuition reimbursement programs, or GI Bill-related veteran education benefits. We cannot promise eligibility for any specific funding source, but we can produce the enrollment, curriculum, and outcomes documentation most programs request. Veterans and active-duty service members transitioning into civilian cybersecurity roles have found the bootcamp particularly useful, and we run an informal referral network for graduates looking to connect with veteran-friendly employers in the region.
Ready to Train Your Team?
Start with a $19 intro course or dive into the full 39-Layer Framework.
Or call (919) 348-4912 to speak with a training advisor